Fix an overflow in on-stack replacement spill-slot allocation for Crankshaft.

BUG=v8:1407 TEST= Review URL: http://codereview.chromium.org/7231008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Fix an overflow in on-stack replacement spill-slot allocation for Crankshaft.
BUG=v8:1407 TEST= Review URL: http://codereview.chromium.org/7231008 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8367 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
8e740580 · whesse@chromium.org · 1e1387f1 · 8e740580 · 8e740580 · 8e740580
Commit 8e740580 authored Jun 22, 2011 by whesse@chromium.org
Showing with 13 additions and 3 deletions

lithium-arm.cc src/arm/lithium-arm.cc +3 -0

compiler.cc src/compiler.cc +2 -2

lithium-ia32.cc src/ia32/lithium-ia32.cc +3 -0

lithium.h src/lithium.h +2 -1

lithium-x64.cc src/x64/lithium-x64.cc +3 -0

No files found.
--- a/src/arm/lithium-arm.cc
+++ b/src/arm/lithium-arm.cc
@@ -2120,6 +2120,9 @@ LInstruction* LChunkBuilder::DoParameter(HParameter* instr) {

 LInstruction* LChunkBuilder::DoUnknownOSRValue(HUnknownOSRValue* instr) {
  int spill_index = chunk()->GetNextSpillIndex(false);  // Not double-width.
+  if (spill_index > LUnallocated::kMaxFixedIndex) {
+    Abort("Too many spill slots needed for OSR");
+  }
  return DefineAsSpilled(new LUnknownOSRValue, spill_index);
 }


--- a/src/compiler.cc
+++ b/src/compiler.cc
@@ -213,8 +213,8 @@ static bool MakeCrankshaftCode(CompilationInfo* info) {
  //
  // The encoding is as a signed value, with parameters and receiver using
  // the negative indices and locals the non-negative ones.
-  const int parameter_limit = (LUnallocated::kMaxFixedIndices / 2);
-  const int locals_limit = parameter_limit - 1;
+  const int parameter_limit = -LUnallocated::kMinFixedIndex;
+  const int locals_limit = LUnallocated::kMaxFixedIndex;
  Scope* scope = info->scope();
  if ((scope->num_parameters() + 1) > parameter_limit ||
      scope->num_stack_slots() > locals_limit) {

--- a/src/ia32/lithium-ia32.cc
+++ b/src/ia32/lithium-ia32.cc
@@ -2168,6 +2168,9 @@ LInstruction* LChunkBuilder::DoParameter(HParameter* instr) {

 LInstruction* LChunkBuilder::DoUnknownOSRValue(HUnknownOSRValue* instr) {
  int spill_index = chunk()->GetNextSpillIndex(false);  // Not double-width.
+  if (spill_index > LUnallocated::kMaxFixedIndex) {
+    Abort("Too many spill slots needed for OSR");
+  }
  return DefineAsSpilled(new LUnknownOSRValue, spill_index);
 }


--- a/src/lithium.h
+++ b/src/lithium.h
@@ -144,7 +144,8 @@ class LUnallocated: public LOperand {
  };

  static const int kMaxVirtualRegisters = 1 << (kVirtualRegisterWidth + 1);
-  static const int kMaxFixedIndices = 128;
+  static const int kMaxFixedIndex = 63;
+  static const int kMinFixedIndex = -64;

  bool HasIgnorePolicy() const { return policy() == IGNORE; }
  bool HasNoPolicy() const { return policy() == NONE; }

--- a/src/x64/lithium-x64.cc
+++ b/src/x64/lithium-x64.cc
@@ -2112,6 +2112,9 @@ LInstruction* LChunkBuilder::DoParameter(HParameter* instr) {

 LInstruction* LChunkBuilder::DoUnknownOSRValue(HUnknownOSRValue* instr) {
  int spill_index = chunk()->GetNextSpillIndex(false);  // Not double-width.
+  if (spill_index > LUnallocated::kMaxFixedIndex) {
+    Abort("Too many spill slots needed for OSR");
+  }
  return DefineAsSpilled(new LUnknownOSRValue, spill_index);
 }